
At 08:48 AM 6/20/00 +0100, Paul Crowley wrote:

...
>If you don't mind the limitation of 1k of internal state, then
>Panama could be used directly; push in your salt and passphrase,
>padding to the edge of the block with one followed by zeroes, then
>do 32 blank pulls and start pulling out your key.  If you want to do
>key stretching, you could do more blank pulls before pulling out the
>key (though this doesn't have the proven properties of the hash
>construction of the key stretching paper).  

A generalization of this idea is:

S(K,len) is stream cipher output with key K and length of output len.
hash(X) is hash function output of same size as K.

Key = S(hash(passphrase),desired key length)

This ends up with all the weaknesses of both the hash and the stream
cipher (in Panama, the same primitive), but if you believed that
you'd never see a hash collision in practice, and that you'd never
see an instance where the output of the stream cipher could be
distinguished from a random stream of bits without knowledge of the
key in practice, then you'd have to believe that you'd never see a
case where this wasn't just fine for generating key material from a
shorter passphrase.  

>I've been told there are results published against Panama (can
>anyone give references?) but I think this demonstrates the
>flexibility of the  push-pull interface and it would be nice to have
>more designs that offered it.  

I agree, it's a nice idea to have a stream cipher, hash, and MAC
built into one primitive, and the interface for doing it is pretty
cool.

>  __
>\/ o\ [EMAIL PROTECTED]   *NOTE NEW EMAIL ADDRESS* \ /
>/\__/ Paul Crowley   http://www.cluefactory.org.uk/paul/ /~\

- --John Kelsey, [EMAIL PROTECTED] 
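
The generalization above, Key = S(hash(passphrase), desired key length), as an added example that is not part of the original message. SHA-256 stands in for hash and ChaCha20 with a fixed all-zero nonce stands in for S (both are choices made here, not Panama); the optional salt prefix and all function names are assumptions.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _quarter(s, a, b, c, d):
    # ChaCha quarter round on four words of the 16-word state.
    s[a] = (s[a] + s[b]) & MASK
    s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK
    s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK
    s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK
    s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block: 32-byte key, 32-bit counter, 12-byte nonce."""
    raw = b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce
    init = list(struct.unpack("<16I", raw))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter(s, a, b, c, d)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def S(key, length):
    """S(K, len): the first `length` keystream bytes under key K."""
    # The nonce is fixed at zero because K is used for this one derivation only.
    out = b""
    counter = 0
    while len(out) < length:
        out += chacha20_block(key, counter, b"\x00" * 12)
        counter += 1
    return out[:length]

def derive_key(passphrase, length, salt=b""):
    """Key = S(hash(salt || passphrase), length); salt assumed fixed-length."""
    k = hashlib.sha256(salt + passphrase).digest()  # hash output is the size of K
    return S(k, length)

if __name__ == "__main__":
    print(derive_key(b"constructed sample passphrase", 48, salt=b"\x01" * 16).hex())
```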

